Event Defintion - Alert Trigger - check if message is true in the last 10 minutes

tobi60 · April 8, 2020, 11:29am

Hi everybody,

i am currently trying to build an alert, which will be triggered if a message has just existed and already existed 10 minutes ago.

Example:

message: “Test” -> true & message: “Test” (10 minutes ago) -> true ==> Trigger alert

Does anyone of you know a solution to this problem?

Thanks

jan · April 8, 2020, 2:27pm

that is what the correlation feature is given for.

tobi60 · April 9, 2020, 5:21am

Thanks for the quick answer.

I am currently using Graylog Open Source, so there is no way to use any workaround for this feature?

tmacgbay · April 9, 2020, 2:36pm

If you are ingesting less than 5G a day, you can apply for a free enterprise license.

system · April 23, 2020, 2:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create Event if message count is Graylog Central (peer support)	3	1091	April 20, 2020
Alert condition 0 messages in 60 minutes is triggering when there are messages Graylog Central (peer support)	7	874	August 19, 2021
Triggering alert if message is not sent during a certain time frame Graylog Central (peer support)	2	960	July 30, 2018
Event definition help Graylog Central (peer support)	6	992	July 8, 2020
GrayLog 5 and Alerts Graylog Central (peer support)	3	366	June 30, 2023